Add-Permission.ps1
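# Grants two Microsoft Graph application permissions (app roles) to the service
# principal of a system-assigned managed identity, so code running as that
# identity can call Graph without a stored secret.
#
# Security notes for whoever runs or reviews this:
# - The roles granted are tenant-wide application permissions: the identity can
#   read every managed device and every user profile. Grant only the roles the
#   workload actually needs.
# - App role assignments persist until they are explicitly removed. Review them
#   with Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId <id>.
# - The signed-in operator needs AppRoleAssignment.ReadWrite.All, a delegated
#   scope that can grant any app role to any principal. Run this from a trusted
#   admin session and consider Disconnect-MgGraph when finished.

$PermissionName = "DeviceManagementManagedDevices.Read.All"
$PermissionName2 = "User.Read.All"
$SystemmanagedIdentity = "<INSERT SYSTEMMANAGED IDENTITY ID HERE>"

# Fail before installing or connecting if the placeholder was never replaced.
# The value is used as -ServicePrincipalId below, so it must be the object ID
# (a GUID) of the managed identity's service principal.
$ParsedIdentityId = [guid]::Empty
if (-not [guid]::TryParse($SystemmanagedIdentity, [ref]$ParsedIdentityId)) {
    throw "Set `$SystemmanagedIdentity to the object ID (GUID) of the managed identity's service principal before running this script."
}

# Only Connect-MgGraph, Get-MgServicePrincipal and the app role assignment
# cmdlets are used; installing just Microsoft.Graph.Authentication and
# Microsoft.Graph.Applications would presumably be enough and pulls less code
# from the gallery. The meta-module install is kept as the author had it.
Install-Module Microsoft.Graph -Scope CurrentUser

# Least privilege: reading the Graph service principal and creating an app role
# assignment needs Application.Read.All plus AppRoleAssignment.ReadWrite.All.
# The original requested Application.ReadWrite.All, which also allows changing
# application registrations and is not needed here.
Connect-MgGraph -Scopes Application.Read.All, AppRoleAssignment.ReadWrite.All

# 00000003-0000-0000-c000-000000000000 is the well-known appId of Microsoft Graph.
$GraphServicePrincipal = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'" -ErrorAction Stop
if (-not $GraphServicePrincipal) {
    throw "Microsoft Graph service principal was not found in this tenant."
}

# Collect roles already assigned on Graph so a re-run skips them instead of
# failing on a duplicate assignment.
$ExistingRoleIds = @(
    Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $SystemmanagedIdentity -All -ErrorAction Stop |
        Where-Object { $_.ResourceId -eq $GraphServicePrincipal.Id } |
        ForEach-Object { $_.AppRoleId }
)

foreach ($RequestedPermission in @($PermissionName, $PermissionName2)) {
    # Match on the permission value and require that it is assignable to applications.
    $AppRole = $GraphServicePrincipal.AppRoles |
        Where-Object { $_.Value -eq $RequestedPermission -and $_.AllowedMemberTypes -contains "Application" }

    # A misspelled permission name would otherwise send an empty AppRoleId to Graph.
    if (-not $AppRole) {
        throw "No application-assignable Microsoft Graph app role named '$RequestedPermission' was found."
    }

    if ($ExistingRoleIds -contains $AppRole.Id) {
        Write-Host "'$RequestedPermission' is already assigned to $SystemmanagedIdentity; skipping."
        continue
    }

    # -Id is the server-generated identifier of the assignment itself, so it is
    # no longer passed; the original set it to the app role ID.
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $SystemmanagedIdentity -PrincipalId $SystemmanagedIdentity -ResourceId $GraphServicePrincipal.Id -AppRoleId $AppRole.Id -ErrorAction Stop
}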